Chapter 13 - Internet in the Enterprise - Internet Governance

  • 7/29/2019 Chapter 13 - Internet in the Enterprise - Internet Governance

    Chapter 13: Internet in the Enterprise, Internet Governance

    HEDSPI Project

    Faculty of IT, Hanoi University of Science and Technology (ĐHBK Hà Nội)

    Lecturer: Ngô Hồng Sơn

    Department of Data Communications and Computer Networks

    Contents

    Internet in the enterprise
    - NAT, Firewall, VPN

    Internet governance
    - Standardization organizations
    - Standards

    Enterprise Internet

    Enterprise Internet

    How do enterprises use the Internet?

    Components of an enterprise network:
    - NAT (Network Address Translation)
    - Firewall
    - VPN (Virtual Private Network)
    - Spam mail filter, web content filter
    - VRRP

    Looking back at the history of the Internet

    The early Internet:
    - Used by research and educational organizations
    - Security was not yet a major concern
    - All users were well-intentioned

    The Internet today:
    - Used for many purposes, e.g. business, commerce, ...
    - Users: diverse
    - Security must be taken into account

    An enterprise network

    [Figure: diagram of an enterprise network. Labels: Headquarter, Department 1, Department 2, Department Server, Application SV1, Application SV2, Application SV3, Mail, WEB, DMZ (De-Militarized Zone), Firewall, Router, Domestic Branch 1, Branch 2, US Office, European Office, Mobile PC with VPN Client, PC, CC (Communication Controller), Leased Line, VPN, ISP, Internet]

    NAT - Network Address Translation

    IPv4: an organization has only a few real (global) IP addresses, so private IP addresses are used internally.

    NAT translates a private address (and port number) into a global address, and vice versa.

    NAT (software running on a router or server) keeps an address translation table.

    Prefix          Lowest Address  Highest Address  Number of Hosts
    10.0.0.0/8      10.0.0.0        10.255.255.255   16,777,216
    172.16.0.0/12   172.16.0.0      172.31.255.255   1,048,576
    192.168.0.0/16  192.168.0.0     192.168.255.255  65,536

    Reserved addresses for private network
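
The translation table described on this slide, as an added example that is not part of the original course material: it recomputes the private-range table and models a port-translating NAT. The `Napt` class, the single global address `203.0.113.5` (a documentation address) and sequential port allocation from 40000 are assumptions made for illustration.

```python
import ipaddress

# The three private ranges listed in the slide's table.
PRIVATE_NETS = [ipaddress.ip_network(p)
                for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def table_rows():
    """Recompute the table: (prefix, lowest, highest, number of addresses)."""
    return [(str(n), str(n[0]), str(n[-1]), n.num_addresses)
            for n in PRIVATE_NETS]

def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class Napt:
    """Translation table mapping (private address, port) <-> global port."""

    def __init__(self, global_ip: str, first_port: int = 40000):
        self.global_ip = global_ip      # the organization's one global address
        self.next_port = first_port     # next unused port on that address
        self.out = {}                   # (private ip, port) -> global port
        self.back = {}                  # global port -> (private ip, port)

    def outbound(self, src_ip: str, src_port: int):
        """Rewrite the source of a packet leaving the private network."""
        if not is_private(src_ip):
            return src_ip, src_port     # already a global address
        key = (src_ip, src_port)
        if key not in self.out:         # first packet of a flow: add an entry
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.global_ip, self.out[key]

    def inbound(self, dst_port: int):
        """Map a reply back to the private host; None means no entry (drop)."""
        return self.back.get(dst_port)

if __name__ == "__main__":
    nat = Napt("203.0.113.5")           # constructed documentation address
    print(table_rows())
    print(nat.outbound("192.168.1.10", 51000))
    print(nat.outbound("10.0.0.7", 51000))
    print(nat.inbound(40000), nat.inbound(40002))
```

An inbound packet whose destination port has no table entry has no private host to go to, which is why a NAT drops unsolicited inbound traffic unless a mapping is configured.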

    Firewall

    A firewall (hardware or software) blocks unwanted packets and allows the necessary packets to enter or leave an organization's network.

    There are basically two types:
    - Packet filtering
    - Application gateway

    [Figure labels: Internet, Firewall, Internal Network]

    Packet filter

    All inbound and outbound packets must pass through the firewall.

    The filter checks packets based on:
    - IP source and destination address
    - IP protocol type: TCP, UDP, ICMP, OSPF
    - TCP/UDP source and destination port

    Filtering is based on the organization's policies. A policy is expressed by setting rules on the firewall.

    An example of filtering rules

    #  Source    Destination  Protocol  Source Port  Dest Port  Action
    1  10.1.2.3  *            *         *            *          Deny
    2  *         10.2.3.*     TCP       *            25         Allow
    3  *         10.1.*       TCP       *            25         Allow
    4  *         *            *         *            *          Deny

    *: Means any
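
How a packet filter applies such a rule set, as an added example that is not part of the original course material. It encodes the four rules of the slide's table and assumes they are evaluated top-down with the first match deciding, which the slide does not state; the `Packet` type, the helper names and the sample packets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

def to_network(pattern: str) -> ipaddress.IPv4Network:
    """Turn the slide's wildcard notation into a CIDR network:
    '*' -> 0.0.0.0/0, '10.1.*' -> 10.1.0.0/16, '10.1.2.3' -> 10.1.2.3/32."""
    octets = [o for o in pattern.split(".") if o != "*"]
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network((".".join(padded), 8 * len(octets)))

# (number, source, destination, protocol, source port, dest port, action)
RULES = [
    (1, "10.1.2.3", "*",        "*",   "*", "*", "Deny"),
    (2, "*",        "10.2.3.*", "TCP", "*", 25,  "Allow"),
    (3, "*",        "10.1.*",   "TCP", "*", 25,  "Allow"),
    (4, "*",        "*",        "*",   "*", "*", "Deny"),
]

def field_matches(rule_value, packet_value) -> bool:
    return rule_value == "*" or rule_value == packet_value

def evaluate(pkt: Packet):
    """Return (rule number, action) of the first rule that matches (assumed order)."""
    for num, src, dst, proto, sport, dport, action in RULES:
        if (ipaddress.IPv4Address(pkt.src) in to_network(src)
                and ipaddress.IPv4Address(pkt.dst) in to_network(dst)
                and field_matches(proto, pkt.proto)
                and field_matches(sport, pkt.sport)
                and field_matches(dport, pkt.dport)):
            return num, action
    return None, "Deny"   # fail closed if the rule set has no catch-all

if __name__ == "__main__":
    # Constructed sample packets.
    for p in (Packet("10.1.2.3", "10.2.3.4", "TCP", 40000, 25),
              Packet("192.0.2.10", "10.2.3.4", "TCP", 40000, 25),
              Packet("192.0.2.10", "10.1.9.9", "TCP", 40000, 80)):
        print(p, "->", evaluate(p))
```

The first sample packet would satisfy rule 2, but rule 1 is reached first and denies it, so under first-match evaluation the order of the rules is part of the policy.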

    Application gateway

    An application gateway, combined with a packet filter, provides a secure way for applications to communicate into and out of the organization.

    Some applications (Telnet, FTP, HTTP) can be configured so that they can only be used through the gateway.

    The gateway checks user names and passwords.

    The filter only allows application traffic that originates from the gateway.

    [Figure labels: User A, PC, Department Server 1, Router, Department, Application Gateway, Firewall, Internet, "Telnet to Gateway from inside", "Telnet to outside host from Gateway", Filtering]

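    VPN - Virtual Private Network

    VPN: allows an Internet connection to be used like a private line. Basic technologies:
    - Encryption
    - Authentication

    Example:
    - IPSec (IP security protocol): an IP protocol family.
    - The ESP protocol (one form of IPSec) allows the TCP segments inside an IP packet to be encrypted.

    IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent
    encrypted: TCP/UDP segment and ESP trailer
    authenticated: ESP header, TCP/UDP segment and ESP trailer

    Figure: The ESP fields in the IP datagram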

    Internet Governance

    Who governs the Internet?

    - 1969, RFC1
    - 1973, Ethernet
    - 1990, first commercial ISP (The World)
    - 1993, InterNIC (Network Information Center)
    - 1998, ICANN (Internet Corporation for Assigned Names and Numbers)

    Internet Standardization

    Organizations involved in Internet standardization

    - ISOC (Internet Society): responsible for Internet standardization
    - IAB (Internet Architecture Board)
    - IESG (Internet Engineering Steering Group): a committee of ISOC, responsible for reviewing and approving technical standards
    - IETF (Internet Engineering Task Force): develops the technical standards
    - IANA (Internet Assigned Numbers Authority): allocates resources: addresses, network numbers
    - ICANN (Internet Corporation for Assigned Names and Numbers): manages the allocation of domain names and IP addresses

    [Figure: organization chart. Labels: ISOC, IAB, IESG, IETF, IRTF, ISTF, RFC-Editor, IANA, ICANN, area, WG]

    IETF

    IETF

    - Non-profit organization
    - Produces technical documents (RFCs) about the Internet
    - Free
    - http://www.ietf.org/

    Related documents

    - RFC (Request For Comments)
    - Internet-Drafts
    - Available free of charge on the Internet

    IETF Working Group

    About 100 WGs in 8 areas (http://www.ietf.org/html.charters/wg-dir.html):
    - Application
    - General
    - Internet
    - Operations and Management
    - Routing
    - Security
    - Transport
    - Sub-IP

    WG guidelines: RFC1603

    Members: participate as individuals

    ISO vs. IETF

    - Nations vs. individuals
    - Vote vs. Discuss
    - De jure vs. De facto

    The process for producing a protocol in the IETF

    1. Protocol proposal
       - Internet Draft
       - Gathering comments

    2. Steps that must be passed (Standards Track)
       - Proposed Standard
       - Draft Standard
       - Standard

    3. Widely accepted as a protocol

    Some other organizations

    - IEEE: Institute of Electrical and Electronics Engineers
    - ITU: International Telecommunication Union (http://www.itu.int/)
    - ISO: International Organization for Standardization (http://www.iso.ch/)
    - W3C: World Wide Web Consortium (http://www.w3.org/)
    - WIPO, INTA, DAVIC, USENIX, ACM Sigcomm, etc.

    Address management

    - ICANN
    - IANA

    Acknowledgement

    These course materials contain charts and text provided by Keio University, Japan.